Author Topic: adobe illustrator exe false positive??  (Read 6391 times)

0 Members and 1 Guest are viewing this topic.

sciencegal

  • Guest
adobe illustrator exe false positive??
« on: October 24, 2010, 05:16:16 PM »
This morning I went to launch Adobe illustrator 8.0 which I use several times a week.  My Avast 5 pro sees the exe file as a malware gen threat and deleted the exe launch file.  I did an update of Avast which is was already updated, and tried restoring the exe file.  No go.   All I can think of to do is turn off Avast which means I'd also have to disconnect from the internet.  Then, I worry that the adobe file is infected instead of being a false positive. 

Can anyone help me today?  I need to get a job finished by noon  (three hours from now) using Illustrator.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: adobe illustrator exe false positive??
« Reply #1 on: October 24, 2010, 05:37:01 PM »
What is the malware name, the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.
Send the sample to avast as a False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

- In the meantime (if you accept the risk), add the full path to the file to the exclusions lists:
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline -Genesis-

  • Sr. Member
  • ****
  • Posts: 286
Re: adobe illustrator exe false positive??
« Reply #2 on: October 24, 2010, 05:46:40 PM »
I have same problem last week on Adobe Photoshop CS3 installer the file is detected as heuristic .... i forgot the name of detection. I didn't quarantined the file.

I just wait for a week and seems avast didn't detect it. And grab to install it.

Today its running fine without detection.

Avast making FP on Adobe Products.
Windows 11 Pro / Windows Defender/
Ryzen 5 1600/ Aorus Gtx 1080Ti Xtreme/ Gskill Trident Z RGB 3000/ Samsung Evo 250GB/ Western Digital Black 1 TB

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: adobe illustrator exe false positive??
« Reply #3 on: October 24, 2010, 05:54:04 PM »
Without information on the detection I can't speculate as to the cause, but what you should have done is what I suggested above rather than wait for an outcome in the future.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

sciencegal

  • Guest
Re: adobe illustrator exe false positive??
« Reply #4 on: October 24, 2010, 06:18:16 PM »
I just finished a scan of my two harddrives.  It found 8 instances of Win32:Malware-gen in exe files.  Some of those exe files are those I created in Adobe Flash, one was the illustrator 8 exe file.  There were two other things that were not the malware-gen, one in a pdf file.  I can't find the list now of the threats.  So, I don't know what to do.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: adobe illustrator exe false positive??
« Reply #5 on: October 24, 2010, 06:32:51 PM »
Do what I suggested, send a few to virustotal and send to avast for analysis and correction if considered a false positive.

The avast Win32:Malware-gen is generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

sciencegal

  • Guest
Re: adobe illustrator exe false positive??
« Reply #6 on: October 24, 2010, 06:42:12 PM »
Okay, I sent the illustrator file from the Avast control panel and I'll send it from to the other location.  Do you think it will work if I uninstall Illustrator then reinstall?  I need to use this software today.

I found the list of the ten threats.  It's saying all are high threats.  The only one different from the rest is called JS:Pdfka-AMM[Expl].  It was in a plugin-uhggck.pdf. I have a screen capture but don't know how to post it.  There was one in a root folder Ive never heard of...called RECYCLER followed by ton of numbers that had a Dc13.exe file that was infected. It and five others couldn't be moved to the chest because it said there was not enough space on the disc which is odd.  Is it possible that some virus (maybe that one) was infecting these other files?

sciencegal

  • Guest
Re: adobe illustrator exe false positive??
« Reply #7 on: October 24, 2010, 06:48:25 PM »
Sent the illustrator file to the Virus Total.  Only Avast and G-data are seeing it as a threat.  So, I think I will exclude it so I can use the software. 

sciencegal

  • Guest
Re: adobe illustrator exe false positive??
« Reply #8 on: October 24, 2010, 07:15:25 PM »
This is really frustrating.  I excluded the exe file on the desktop but illustrator wouldn't launch because a file was now missing.  I uninstalled illustrator but now cannot reinstall because everytime I try Avast recognizes the illustrator exe file and deletes it just as soon as it is installed.  Can anyone help with this?  Right now I really hate AVAST.